Archive for the ‘Regulatory Risk’ category

Insurers in the US and Canada are required to state their own internal Risk Capital Standard in their ORSA Summary Report. From RISKVIEWS observations over the years of actual insurer actions, insurers have actually operated with four levels of Risk Capital Standards:

Secure – enough capital to satisfy sophisticated commercial buyers that you will pay claims in most situations

Robust – enough capital to maintain a Secure level of capital after a major loss

In many cases, this is not necessarily a clear conscious decision, but insurers do seem to pick one of those four levels and stick with it.

Insurers operating at the Solvency levels are usually in constant contact with their regulator. They are almost always very small insurers who are operating on the verge of regulatory takeover. They operate in markets where there is no concern on the part of their customers for the security of their insurer. Sometimes these insurers are government sponsored and are permitted to operate at this level for as long as they are able because the government is unwilling to provide enough capital and the company is not able to charge enough premiums to build up additional capital, possibly because of government restrictions to rates. This group of insurers is very small in most times. Any adverse experience will mean the end of the line for these companies.

Many insurers operate at the Viable level. These insurers are usually operating in one or several personal/individual insurance lines where their customers are not aware of or are not sensitive to security concerns. Most often these insurers write short term coverages such as health insurance, auto insurance or term insurance. These insurers can operate in this manner for decades or until they experience a major loss event. They do not have capital for such an event so their are three possible outcomes: insolvency and breakup of the company, continued operation at the Solvency level of capital with or without gradual recovery of capital to the Viable level.

The vast bulk of the insurance industry operates at the Secure level of capital. Companies with a Secure capital level are able to operate in commercial/group lines of business, reinsurance or the large amount individual products where there is a somewhat knowledgeable assessment of security as a part of the due diligence process of the insurance buyer. With capital generally at the level of a major loss plus the Viable capital level, these companies can usually withstand a major loss event on paper, but if their business model is dependent upon those products and niches where high security is required, a major loss will likely put them out of business because of a loss of confidence of their customer base. After a large loss, some insurers have been able to shift to operating with a Viable capital level and gradually rebuild their capital to regain the Secure position and re-engage with their original markets. But most commonly, a major loss causes these insurers to allow themselves to be acquired so that they can get value for the infrastructure that supports their high end business model.

A few insurers and reinsurers have the goal of retaining their ability to operate in their high end markets in the event of a major loss by targeting a Robust capital level. These insurers are holding capital that is at least as much as a major loss plus the Secure capital level. In some cases, these groups are the reinsurers who provide risk relief to other Robust insurers and to the more cautious insurers at the Secure level. Other firms in this groups include larger old mutual insurers who are under no market pressure to shed excess capital to improve Return on Capital. These firms are easily able to absorb moderate losses without significant damage to their level of security and can usually retain at least the Secure level of capital after a major loss event. If that major loss event is a systematic loss, they are able to retain their market leading position. However, if they sustain a major loss that is less broadly shared, they might end up losing their most security conscious customers. Risk management strategy for these firms should focus on avoiding such an idiosyncratic loss. However, higher profits are often hoped for from concentrated, unique (re)insurance deals which is usually the temptation that leads to these firms falling from grace.

One of the goals of Solvency II in Europe has been to outlaw operating an insurer at the Solvency or Viable levels of capital. This choice presents two problems:

It has led to the problem regarding the standard capital formula. As noted above, the Solvency level is where most insurers would choose to operate. Making this the regulatory minimum capital means that the standard formula must be near perfectly correct, a daunting task even without the political pressures on the project. Regulators tendency would be to make all approximations rounding up. That is likely to raise the cost of the lines of insurance that are most effected by the rounding.

It is likely to send many insurers into the arms of the regulators for resolution in the event of a significant systematic loss event. Since there is not ever going to be regulatory capacity to deal with resolution of a large fraction of the industry, nor is resolution likely to be needed (since many insurers have been operating in Europe just fine with a Viable level of capital for many years). It is therefore likely that the response to such an event will be to adjust the minimum capital requirement in one way or another, perhaps allowing several years for insurers to regain the “minimum” capital requirement. Such actions will undermine the degree to which insurers who operate in markets that have traditionally accepted a Viable capital level will take the capital requirement completely seriously.

It is RISKVIEWS impression that the Canadian regulatory minimum capital is closer to the Viable level. While the US RBC action level is at the Solvency level.

It is yet to be seen whether the US eventually raises the RBC requirement to the Viable level or if Canada raises its MCCSR to the Secure level because of pressure to comply with the European experiment.

If asked, RISKVIEWS would suggest that the US and Canada waits until (a) the Europeans actually implement Solvency II (which is not expected to be fully inforce for many years after initial implementation due to phase in rules) and (b) the European industry experiences a systematic loss event. RISKVIEWS is not likely to be asked, however.

It is RISKVIEWS prediction that the highly theoretical ideas that drive Solvency II will need major adjustment and that those adjustments will need to be made at that time when there is a major systematic loss event. So the ultimate nature of Solvency II will remain a complete mystery until then.

Nor from a policy, nor from a speech, nor from a mission statement nor a value statement.

Like all of corporate culture, Risk Culture comes from experiences. Risk Culture comes from experiences with risk. Corporate Culture is fundamentally the embedded, unspoken assumptions that underlie behaviors and decisions of the management and staff of the firm. Risk Culture is fundamentally the embedded, unspoken assumptions and beliefs about risk that underlie behaviors and decisions of the management and staff of the firm.

Corporate culture is formed initially when a company is first started. The new company tries an approach to risk, usually based upon the prior experiences of the first leaders of the firm. If those approaches are successful, then they become the Risk Culture. If they are unsuccessful, then the new company often just fails.

In his book, Fooled by Randomness, Nassim Taleb points out that there is a survivor bias involved here. Some of the companies that survive the early years are managing their risk correctly and some are simply lucky. Taleb tells the story of mutual fund managers who either beat the market or not each year. Looking back over 5 years, a fund manager who was one of 30 out of 1000 who beat the market every one of those five years might believe that their performance and therefore their ability was far above average. However, Taleb points out that if whether a manager beat the market or not each year was determined by a coin toss, statistics tells us to expect 31 to beat the market.

That was for a situation where we assume that the good results were likely 50% of the time. For risk management, the event that is being managed is often a 1/100 likelihood. There is a 95% chance of avoiding a 1/100 loss in any five year period, just by showing up with average risk management. That makes it fairly likely that poor risk management can be easily overcome by just a little bit of luck.

So by the natural process of experience, Risk Culture is formed based upon what worked in the past.

In banks and hedge funds and other financial firms where risk taking is a fundamental part of the business, the Risk Culture often supports those who take risks and win. Regardless of whether the amount of risk is within limits or tolerances or risk appetite.

You see, all of those ideas (limits, tolerances, appetites) are based upon an opinion about the future. And the winner just has a different opinion about the future of his/her risk. The fact that the winner’s opinion proves itself as experience shows that the bad outcome that those worrying risk people said was the future is not the case. When the winner suddenly makes a bad call (see London Whale), that shows that their ability to see the future better than the risk department’s models may be done. You see, there are very very few people who can keep the perspective needed to consistently beat the market. (RISKVIEWS thinks that the fall off might well follow an exponential decay pattern as predicted by statistics!)

The current ideas of a proper Risk Culture (see FSB consultation paper) are doubtless not what most firms set up as their initial response to risk. That paper focuses on four specific aspects of Risk Culture.

Tone from the top: The board of directors11 and senior management are the starting point for setting the financial institution’s core values and risk culture, and their behaviour must reflect the values being espoused. As such, the leadership of the institution should systematically develop, monitor, and assess the culture of the financial institution.

Accountability: Successful risk management requires employees at all levels to understand the core values of the institutions’ risk culture and its approach to risk, be capable of performing their prescribed roles, and be aware that they are held accountable for their actions in relation to the institution’s risk-taking behaviour. Staff acceptance of risk-related goals and related values is essential.

Effective challenge: A sound risk culture promotes an environment of effective challenge in which decision-making processes promote a range of views, allow for testing of current practices, and stimulate a positive, critical attitude among employees and an environment of open and constructive engagement.

Incentives: Performance and talent management should encourage and reinforce maintenance of the financial institution’s desired risk management behaviour. Financial and non-financial incentives should support the core values and risk culture at all levels of the financial institution.

(These descriptions are quotes from the paper)

These practices are supported by the Risk Culture for a few very new firms. As well as a very few other firms (and we will mention why that is in a few paragraphs). But for at least 80 percent of financial firms, these items, if they are happening, are not at all supported by the Risk Culture. The true Risk Culture of a successful firm has evolved based upon the original choices of the firm and the decisions and actions taken by the firm that have been successful over the life of the firm.

These aspects of Risk Culture are a part of one of the three layers of culture (see Edgar Schein, The Corporate Culture Survival Guide). He calls those layers:

Artifacts

Espoused Values

Shared Assumptions

The four aspects of Risk Culture featured by the FSB can all be considered to be “artifacts”. Those are the outward signs of the culture, but not the whole thing. Espoused Values are the Memos, policies, speeches, mission and value statements.

Coercion from outside the organization, such as through regulator edict, can force management to change the Espoused Values. But the real culture will ignore those values. Those outside edicts can force behaviors, just as prison guards can force prisoners to certain behaviors. But as soon as the guards are not looking, the existing behavioral standards based upon the shared assumptions will re-emerge.

When the insiders, including top management of an organization, want to change the culture, they are faced with a difficult and arduous task.

Based on Moody’s updated views on US government support and standalone bank considerations, Moody’s lowered by one notch the senior holding company ratings of Morgan Stanley, Goldman Sachs, JPMorgan, and Bank of New York Mellon.

“We believe that US bank regulators have made substantive progress in establishing a credible framework to resolve a large, failing bank,” said Robert Young, Managing Director. “Rather than relying on public funds to bail-out one of these institutions, we expect that bank holding company creditors will be bailed-in and thereby shoulder much of the burden to help recapitalize a failing bank.”

Like this:

Many people in Europe have worked very hard for many years, attempting to perfect solvency oversight for insurers. The concepts underlying Solvency II are the best thinking about risk regulation that the world has ever seen.

However, there are two fundamental flaws that are drivers of the problems that Solvency II is having in getting to the point of actual implementation.

The first flaw is the targeted level of required capital. When Solvency II was first imagined, banks seemed to be well run and well regulated. And under that system banks were reporting returns in the high 20’s. Insurer returns rarely hit the perennial 15% target. Banks tended to operate right at their level of regulatory required capital. Insurers looked at that and suggested that the capital requirement for Solvency II should be at a level that the largest insurers would be comfortable operating at. There was also a big push for a single set of books. So with a solvency requirement at the level where a rational insurer would want to operate that would mean that in addition to having only one set of books, there would only be one important capital target. (for discussion of the flaw in the idea of “one number” management, see Risk and Light.) But the reason why setting the required capital at that high of a level is that it then leaves no room for error or for disagreement. (Disagreement is absolutely inevitable. See Plural Rationalities.) The capital calculation needed to be just right. A capital requirement that was at say 2/3 of the level a prudent company would want to operate at would leave room for errors and disagreements. If for some risks the requirements were even 50% higher than what some would feel is the correct number, then companies could in fact live with that. It would become known in the marketplace that companies that write that risk are likely to have tighter solvency margins, and everyone would be able to go about their business. But with a target that is so very high, if some risk is set too high, then there would be firms who are forced to hold higher capital than makes sense in their minds for their risks. That completely destroys the idea of management relying upon a model that is calibrated to what they believe is the wrong result. It also encourages firms to find ways to get around the rules to only hold what they believe is the right level of capital. What we are seeing now is the inevitable differences in opinions about riskiness of some activities. The differences of opinion mean the difference between being in business and not for companies concentrated in those activities. Or for being in those businesses or not for more diversified groups. If the Solvency II target was set at, for instance, a 1 in 100 loss level, then there might be room for compromise that would allow that activity to continue for firms willing to run a little tight on solvency margin.

==========================================

The second flaw, that surprisingly has only been raised very recently is to total lack of any cost benefit criteria for the process. If further refinement of Solvency II could prevent one insolvency over a 10 year period, yet would cost other insurers $100 million in expenses and $1 billion in additional capital, is that a good trade-off? This is the exact sort of thinking that Solvency II REQUIRES of insurers. EIOPA ought to have a complex model of the insurance industry in Europe so that they can show the risk reward relationship of all of their rules. What? You say that is terribly difficult and complicated and would not provide reliable guidance? EIOPA should live in the same world that they are requiring of insurers. Without even a simple minded cost benefit requirement, anything can make it into Solvency II. The exposure process allows questions to be raised about cost/benefit, but in many cases, that has not happened. Besides, with no stated criteria for cost benefit, the question is ultimately solved by judgment. So now we have insurers saying that they will withdraw from parts of the Solvency II process because they are too expensive. Those insurers have not put forward an objective criteria under which they reached that conclusion either.

It seems unlikely at this point that either of these flaws of Solvency II will be fixed. A lower standard would seem to too many to be a retreat, a dilution of the power of Solvency II. Imposing a risk reward or cost benefit rule would result in crazy inconsistencies between decisions made after the rule with those made before or else a very long wait as all of the parts of Solvency II are examined under such a rule.

So it is yet to be seen whether those faults will in the end be fatal. Solvency II could be tied up in arguments until it is abandoned, it could limp into practice with very mixed support and then be pulled after a few years and enough unanticipated implementation issues, or it could soar for a long run of effective prudential oversight as its designers originally hoped.

Like this:

Think of it somewhat like the town that just suffered a very bad winter season with huge snowfalls that they were unprepared for clogging up everything for weeks on end. They spend the spring fixing up and deciding what to do. Their conclusion is to have all town employees carry snowshovels at all times and to keep snow plow trucks patrolling the streets all day and all night through the entire summer. Sometime in early fall, they decide that was a waste of time and sell all the shovels and trucks by the end of the fall.

RISKVIEWS does not think that our situation will include any systemic risks that we will anticipate. We will not repeat the exact same mistakes. Systemic risk oversight will in the end be a fixed Maginot Line defense.

What we need is

to figure out how to distinguish between creation of wealth by new innovation and by extraction from past innovation so that we can encourage the former and discourage the later. The former widely distributes increases in wealth while the latter concentrates it. The former creates growth while the latter captures the benefits of future growth now – which means that we will not have them later.

to understand leverage better. Look at the Minsky Financial Instability Model myself. Often, we are not honest with ourselves on the extent of debt. RISKVIEWS favors full disclosure over regulations. For example, firms should disclose the amount of debt that is implicit in derivative positions. And disclose the counterparties for that debt.

to figure out how we are going to find the next big thing that will employ all of the people who are now permanently, structurally unemployed. We can keep hoping for something that increases wealth, something that merely decreases wealth less than the current situation or something that decreases wealth but employs people.

to orient research into how to operate an economy in the long term with much less or no growth. Most of our economic expectations are built off of a constantly growing economy. With population about to start falling, we will necessarily experience much less growth. We don’t collectively even have any idea of what the shift to large retired populations will do to our economies.

The regulators need to focus on whatever is within their purview that gets in the way to accomplishing those things.

For the town above, that means storing the snow shovels to the winter and looking at the problems of the summer heat. They still need to keep an eye out for the next winter. But that does not mean it needs to be a primary focus NOW.

Share this:

Like this:

The US and Global banking regulators have been tasked with regulating systemic risk. One area where they admit that they are unprepared is with the insurance sector. In the recent Global Financial Crisis, several insurance companies played a pivotal role, specifically AIG and the US Financial Guarantee insurers. Most insurers do not consider their activities that helped to build up the bubble and precipitate the crisis to be insurance activities and therefore persist in saying to regulators that insurance is not a systemically important sector. However, the political facts are that AIG and the Financial Guarantors are/were insurers and the idea of leaving insurance completely out of the efforts to prevent a future systemic crisis is simply not a possible.

Last week, the American Academy of Actuaries provided a letter to the US Financial Stability Council titled, “Metrics to Enable FSOC to Monitor Insurance Industry Systemic Risk”. That letter provides a good starting point for discussion of the issues involved in bringing the insurance sector into the discussion. For example, the letter provides the following list of ways that an insurer might have systemically significant risks:

The interconnectedness of the insurance industry when part of a financial services group.

The interconnectedness of a U.S. insurance company that is owned by a foreign financial services company.

The insurance industry as a lender to the US economy (e.g. through its purchase of corporate bonds).

The interconnectedness of risk assumption services external to the insurance industry when part of a financial services group.

Riskviews cautions the participants in this discussion to realize that it is most likely that the next systemic crisis will take a different form than the past crises. So setting up measures and regulatory structures that will prevent a recurrence of past crises is no guarantee of preventing a future crisis.

This letter, with its emphasis on setting down broad principles for Systemic Risk in the insurance industry is a good step in the right direction. Much broad based discussion is needed to take this further to produce a truly dynamic, principles based monitoring and regulating structure that will be imaginative and flexible enough to actually be of future good, not just short term political cover.

Like this:

PNC Chairman and Chief Executive Officer James E. Rohr is quoted in the Balitomore Sun as saying that Dodd Frank would raise costs and that those costs would ultimately be passed along to the customers.

Now Riskviews is not trying to suggest that Dodd Frank is necessarily good risk management.

But risk management, like regulation, usually has a definite cost and indefinite benefits.

The opponents of Dodd Frank, like the opponents of risk management will always point to those sure costs and a reason not to do regulations or risk management.

But with Dodd Frank, looking backwards, it is quite easy to imagine that more regulation of banks could have a pennies to millions cost – benefit relationship. The cost of over light regulation of the banks was in the trillions in terms of the losses in the banks plus the bailout costs to the government PLUS the costs to the economy. Everyone who has lost a job or lost profits or lost bonuses or who will ultimately pay for the government deficit that resulted from the decreased economic activity have or will pay the cost of underregulated banks.

The same sort of argument can be made for risk management. The cost of good risk management is usually an increase to costs or a decrease to revenues in good times. This is offset by a reduction to losses that might have been incurred in bad times. This is a view that is REQUIRED by our accounting systems. A hedge position MUST be reported as something with lower revenues than an unhedged position. Lack of Risk Management is REQUIRED to be reported as superior to good risk management except when a loss occurs.

Unless and until someone agrees to a basis for reporting risk adjusted financials, this will be the case.

Someone who builds a factory on cheap land by the river that floods occasionally but who does not insure their factory MUST report higher profits than the firm next door that buys expensive flood insurance, except in the year that the flood occurs.

A firm that operates in a highly regulated industry may look less profitable than a firm that is able to operate without regulation AND that is able to shed most of their extreme losses to the government or to third parties.

Someone always bears those risk costs. But it is a shame when someone like Rohr tries to make that look as if the cost of regulation are the only possible costs.